Security News

Bitwarden vs KeePass (2024): Battle of the Best – Who Wins?
2024-07-03 10:11

The major differences between Bitwarden and KeePass quickly became apparent once I started testing out both password managers. Read on to find out why Bitwarden is probably a better fit for your needs than KeePass - unless you're extremely technical and demand a highly customizable password manager.

How to Use KeePass Step-by-Step Guide
2024-01-31 17:28

In this article, we walk you through how to set up and use KeePass. If you're using a different operating system, simply look for the appropriate download link under KeePass' Contributed/Unofficial KeePass Ports list.

Week in review: Cybersecurity cheat sheets, widely exploited Cisco zero-day, KeePass-themed malvertising
2023-10-22 08:00

The real impact of the cybersecurity poverty line on small organizationsIn this Help Net Security interview, Brent Deterding, CISO at Afni, delves into the realities and myths surrounding the cybersecurity poverty line, exploring the role of budget, knowledge, and leadership. Cisco IOS XE zero-day exploited by attackers to deliver implantA previously unknown vulnerability affecting networking devices running Cisco IOS XE software is being exploited by a threat actor to take control of the devices and install an implant, Cisco Talos researchers have warned today.

Fake KeePass site uses Google Ads and Punycode to push malware
2023-10-19 18:17

A Google Ads campaign was found pushing a fake KeePass download site that used Punycode to appear as the official domain of the KeePass password manager to distribute malware. Even worse, Google Ads can be abused to show the legitimate domain for Keepass in the advertisements, making the threat hard to spot even for more diligent and security-conscious users.

Google ads for KeePass, Notepad++ lead to malware
2023-10-19 09:11

Users using Google to search for and download the KeePass password manager and the Notepad++ text editor may have inadvertently gotten saddled with malware, says Jérôme Segura, Director of Threat Intelligence at Malwarebytes. Malware peddlers have a number of clever tricks up their sleeve to make the malicious ads and the sites they lead to look legitimate.

KeePass v2.54 fixes bug that leaked cleartext master password
2023-06-05 14:15

KeePass has released version 2.54, fixing the CVE-2023-3278 vulnerability that allows the extraction of the cleartext master password from the application's memory.In May 2023, security researcher 'vdohney' disclosed a vulnerability and proof-of-concept exploit that allowed you to partially extract the cleartext KeepPass master password from a memory dump of the application.

Serious Security: That KeePass “master password crack”, and what we can learn from it
2023-05-31 19:39

Simply put, the CVE-2023-32784 vulnerability means that a KeePass master password might be recoverable from system data even after the KeyPass program has exited, because sufficient information about your password might get left behind in sytem swap or sleep files, where allocated system memory may end up saved for later. A long-term password leak in memory also means that the password could, in theory, be recovered from a memory dump of the KeyPass program, even if that dump was grabbed long after you'd typed the password in, and long after the KeePass itself had no more need to keep it around.

KeePass Exploit Allows Attackers to Recover Master Passwords from Memory
2023-05-22 06:33

A proof-of-concept has been made available for a security flaw impacting the KeePass password manager that could be exploited to recover a victim's master password in cleartext under specific circumstances. "Apart from the first password character, it is mostly able to recover the password in plaintext," security researcher "Vdhoney," who discovered the flaw and devised a PoC, said.

Week in review: KeePass vulnerability, Apple fixes exploited WebKit 0-days
2023-05-21 08:00

Apple fixes WebKit 0-days under attackApple has released security updates for iOS and iPadOS, macOS, tvOS and watchOS, delivering fixes for many vulnerabilities but, most importantly, for CVE-2023-32409, a WebKit 0-day that "May have been actively exploited." Enhancing open source security: Insights from the OpenSSF on addressing key challengesIn this Help Net Security interview, we meet a prominent industry leader.

KeePass exploit helps retrieve cleartext master password, fix coming soon
2023-05-18 20:26

The popular KeePass password manager is vulnerable to extracting the master password from the application's memory, allowing attackers who compromise a device to retrieve the password even with the database is locked. This master password encrypts the KeePass password database, preventing it from being opened or read without first entering the password.